TEHDAS2 publishes new specifications for secure processing environments under the EHDS
TEHDAS2 has published technical specifications defining how secure processing environments (SPEs) required under the European Health Data Space (EHDS) should be designed, operated and governed. The document provides health data access bodies (HDABs) with a common basis for implementing SPEs for the secondary use of electronic health data.
The document outlines the minimum technical, functional and security capabilities that SPEs must offer. Under the EHDS, HDABs must grant access to data exclusively through controlled environments that enforce strict safeguards for confidentiality and security. These SPEs may be offered as a service from outside the HDAB organisation.
A high-level framework for implementation
The specification sets out minimum requirements for SPEs and the capabilities needed to protect sensitive data while enabling scientific research. It provides a common reference for implementation across national settings. It also defines baseline interoperability requirements for SPE-based federations, supporting data processing across organisations and Member States.
The document is intended to inform follow-on technical guidance, standardisation work and the European Commission’s implementing acts. In doing so, it emphasises the value of a consistent approach to SPEs across Member States as a basis for trust.
“Our goal was to identify the essential capabilities of secure processing environments to safeguard sensitive data without limiting scientific research. We ensured the specifications are flexible enough to adapt to future research and technological challenges,” said Helena Lodenius, Senior Project Coordinator at CSC – IT Center for Science and co-author of the deliverable.
The specification clearly separates minimum requirements for stand-alone SPEs required by EHDS from the target ecosystem that makes possible federated computing.
The non-binding technical specification builds on earlier TEHDAS work, public consultation feedback and an assessment of existing SPE solutions in Europe and internationally.
Download document: Technical specification for health data access bodies on the implementation of secure processing environments
A summary of the comments received during the public consultation and how they were addressed is available in the annex.
View published TEHDAS2 results
Key recommendations stemming from the work
For Member States
- Implement interoperable, EHDS-compliant SPEs aligned with international standards.
- Foster a market of specialised SPEs to address diverse use cases.
- Prepare national ecosystems for automation, future scalability and the use of SPE infrastructures beyond the health sector.
For the European Commission
- Establish an enabling and forward-looking legislation that will not be affected by technological change.
- Aim for a fully interoperable data space built on trust enhancing mechanisms.
- Protect sensitive data throughout its life cycle and enable distributed processing rather than focusing on isolated, stand-alone SPEs.
Share away!